X-Git-Url: http://plrg.eecs.uci.edu/git/?a=blobdiff_plain;f=folly%2Fportability%2FOpenSSL.h;h=eceb91d6c4f02c61a0700522d39e0b8e2f1bae85;hb=327ee770028d0e28e51958eb0c635342407b6b06;hp=d5d0b0f6c579d2de8a47dfd6b216860113b701f6;hpb=c5b9338ec192ed46907905d173b65d158a038842;p=folly.git diff --git a/folly/portability/OpenSSL.h b/folly/portability/OpenSSL.h index d5d0b0f6..eceb91d6 100644 --- a/folly/portability/OpenSSL.h +++ b/folly/portability/OpenSSL.h @@ -16,6 +16,8 @@ #pragma once +#include + // This must come before the OpenSSL includes. #include 
@@ -47,37 +49,37 @@ // OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are // intended to be specific to OpenSSL. #if !defined(OPENSSL_IS_BORINGSSL) -# define FOLLY_OPENSSL_IS_100 \ +#define FOLLY_OPENSSL_IS_100 \ (OPENSSL_VERSION_NUMBER >= 0x10000003L && \ OPENSSL_VERSION_NUMBER < 0x1000105fL) -# define FOLLY_OPENSSL_IS_101 \ +#define FOLLY_OPENSSL_IS_101 \ (OPENSSL_VERSION_NUMBER >= 0x1000105fL && \ OPENSSL_VERSION_NUMBER < 0x1000200fL) -# define FOLLY_OPENSSL_IS_102 \ +#define FOLLY_OPENSSL_IS_102 \ (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \ OPENSSL_VERSION_NUMBER < 0x10100000L) -# define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L) +#define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L) #endif -#if !OPENSSL_IS_BORINGSSL && !FOLLY_OPENSSL_IS_100 && !FOLLY_OPENSSL_IS_101 \ - && !FOLLY_OPENSSL_IS_102 && !FOLLY_OPENSSL_IS_110 -# warning Compiling with unsupported OpenSSL version +#if !OPENSSL_IS_BORINGSSL && !FOLLY_OPENSSL_IS_100 && !FOLLY_OPENSSL_IS_101 && \ + !FOLLY_OPENSSL_IS_102 && !FOLLY_OPENSSL_IS_110 +#warning Compiling with unsupported OpenSSL version #endif // BoringSSL and OpenSSL 0.9.8f later with TLS extension support SNI. -#if OPENSSL_IS_BORINGSSL || \ +#if OPENSSL_IS_BORINGSSL || \ (OPENSSL_VERSION_NUMBER >= 0x00908070L && !defined(OPENSSL_NO_TLSEXT)) -# define FOLLY_OPENSSL_HAS_SNI 1 +#define FOLLY_OPENSSL_HAS_SNI 1 #else -# define FOLLY_OPENSSL_HAS_SNI 0 +#define FOLLY_OPENSSL_HAS_SNI 0 #endif // BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN. -#if OPENSSL_IS_BORINGSSL || \ +#if OPENSSL_IS_BORINGSSL || \ (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT)) -# define FOLLY_OPENSSL_HAS_ALPN 1 +#define FOLLY_OPENSSL_HAS_ALPN 1 #else -# define FOLLY_OPENSSL_HAS_ALPN 0 +#define FOLLY_OPENSSL_HAS_ALPN 0 #endif // This attempts to "unify" the OpenSSL libcrypto/libssl APIs between 
@@ -108,6 +110,16 @@ int X509_get_signature_nid(X509* cert); int SSL_CTX_up_ref(SSL_CTX* session); int SSL_SESSION_up_ref(SSL_SESSION* session); int X509_up_ref(X509* x); +int EVP_PKEY_up_ref(EVP_PKEY* evp); +void RSA_get0_key( + const RSA* r, + const BIGNUM** n, + const BIGNUM** e, + const BIGNUM** d); +RSA* EVP_PKEY_get0_RSA(EVP_PKEY* pkey); +DSA* EVP_PKEY_get0_DSA(EVP_PKEY* pkey); +DH* EVP_PKEY_get0_DH(EVP_PKEY* pkey); +EC_KEY* EVP_PKEY_get0_EC_KEY(EVP_PKEY* pkey); #endif #if !FOLLY_OPENSSL_IS_110 @@ -116,6 +128,7 @@ int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int)); int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int)); const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s); +unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x); EVP_MD_CTX* EVP_MD_CTX_new(); void EVP_MD_CTX_free(EVP_MD_CTX* ctx); 
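Review bot: The added `EVP_PKEY_get0_RSA`/`_DSA`/`_DH`/`_EC_KEY` and `RSA_get0_key` declarations carry no comment on pointer ownership, and these get0 accessors hand back borrowed pointers into the parent key, including the private exponent through `d`. I would add above them something like `// get0: returned pointers are owned by the key object; do not free them or use them after the key is freed.` It would also help to state whether the `EVP_PKEY_get0_*` shims return nullptr when the key holds a different type, as the OpenSSL 1.1.0 functions do; the implementation is not in this hunk, so that is unverified here. The enclosing `#if` block opens above the hunk.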
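Review bot: `ASN1_STRING_get0_data` is declared returning `unsigned char*` from a `const ASN1_STRING*`, which drops const on the string's internal buffer; the OpenSSL 1.1.0 function this shim mirrors returns `const unsigned char*`. Code that writes through the pointer would compile against the shim on older OpenSSL and then fail, or behave differently, on 1.1.0. I would declare it `const unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x);`. The `#if !FOLLY_OPENSSL_IS_110` block continues past the end of this hunk.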
@@ -126,11 +139,57 @@ void HMAC_CTX_free(HMAC_CTX* ctx); unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s); int SSL_SESSION_has_ticket(const SSL_SESSION* s); int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g); +void DH_get0_pqg( + const DH* dh, + const BIGNUM** p, + const BIGNUM** q, + const BIGNUM** g); +void DH_get0_key(const DH* dh, const BIGNUM** pub_key, const BIGNUM** priv_key); + +void DSA_get0_pqg( + const DSA* dsa, + const BIGNUM** p, + const BIGNUM** q, + const BIGNUM** g); +void DSA_get0_key( + const DSA* dsa, + const BIGNUM** pub_key, + const BIGNUM** priv_key); + +X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx); +STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx); +STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx); +bool RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d); +void RSA_get0_factors(const RSA* r, const BIGNUM** p, const BIGNUM** q); +void RSA_get0_crt_params( + const RSA* r, + const BIGNUM** dmp1, + const BIGNUM** dmq1, + const BIGNUM** iqmp); +int ECDSA_SIG_set0(ECDSA_SIG* sig, BIGNUM* r, BIGNUM* s); +void ECDSA_SIG_get0(const ECDSA_SIG* sig, const BIGNUM** pr, const BIGNUM** ps); + +using OPENSSL_INIT_SETTINGS = void; +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS* settings); +void OPENSSL_cleanup(); + +const ASN1_INTEGER* X509_REVOKED_get0_serialNumber(const X509_REVOKED* r); +const ASN1_TIME* X509_REVOKED_get0_revocationDate(const X509_REVOKED* r); + #endif -} -} -} +#if FOLLY_OPENSSL_IS_110 +// Note: this was a type and has been fixed upstream, so the next 1.1.0 +// minor version upgrade will need to remove this +#define OPENSSL_lh_new OPENSSL_LH_new + +// OpenSSL v1.1.0 removed support for SSLv2, and also removed the define that +// indicates it isn't supported. +#define OPENSSL_NO_SSL2 +#endif +} // namespace ssl +} // namespace portability +} // namespace folly FOLLY_PUSH_WARNING #if __CLANG_PREREQ(3, 0)
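Review bot: `RSA_set0_key` is declared returning `bool`, while the other set0 shims in this hunk (`DH_set0_pqg`, `ECDSA_SIG_set0`) return `int`, as does the OpenSSL 1.1.0 function it stands in for; declaring it `int RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d);` keeps call sites type-identical whichever side of the version guard is compiled. The set0 family also takes ownership of the BIGNUMs passed in, which for `d` is private-key material, so a comment such as `// set0: on success the object owns the BIGNUMs; callers must not free them` above these declarations would prevent double frees and leaks. Separately, `#define OPENSSL_NO_SSL2` only affects code that tests the macro after including this header, so I would wrap it in `#ifndef OPENSSL_NO_SSL2` and note the include-order dependency in the comment. The version-guarded block these declarations sit in opens above the hunk.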